Get Indicators for Report¶
GET /1.3/reports/{id}/indicators
Description¶
Returns a paginated list of all indicators contained in a specified report.
Note
If called immediately after report submission, IOCs extraction might not have completed yet. This can result in a 404 (not found) error.
Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| id | X | TruSTAR report id or external tracking id | |
| idType | internal |
internal or external |
|
| applyWhitelist | true |
if true, whitelisted indicators will be filtered out; otherwise, all indicators will be included but will
contain a field whitelisted, representing whether they have been whitelisted or not |
|
| pageNumber | 0 | which page of the result set to get | |
| pageSize | 100 | The number of results per page. Max allowed size is 1000. |
Response (200)¶
A page of Indicator object.
Note
weight is present in the response but is deprecated.
Example Usage¶
Request¶
curl -k -X GET -H "Authorization: Bearer {access_token}" \
"https://api.trustar.co/api/1.3/reports/1234/indicators?idType=external"
Response¶
{
"items": [
{
"indicatorType": "MALWARE",
"value": "LOCKY",
"weight": 1
},
{
"indicatorType": "URL",
"value": "evil.com",
"weight": 1
},
{
"indicatorType": "EMAIL_ADDRESS",
"value": "attacker@evil.com",
"weight": 1
},
{
"indicatorType": "URL",
"value": "bamb.com",
"weight": 1
}
],
"hasNext": false,
"pageSize": 25,
"pageNumber": 0
}